* make_checksum.c (krb5_c_make_checksum): Note the fact that we're
authorTom Yu <tlyu@mit.edu>
Tue, 5 Jan 1999 05:14:54 +0000 (05:14 +0000)
committerTom Yu <tlyu@mit.edu>
Tue, 5 Jan 1999 05:14:54 +0000 (05:14 +0000)
punting on dealing with backwards compat with length-included
checksums.

* etypes.c: Add ENCTYPE_LOCAL_DES3_HMAC_SHA1 as a temporary
kludge.  Note that this is added to the end of the array so other
code can lop off the last member of the array and the right thing
will happen so that it is possible to disable des3-marc-hmac-sha1
from the KDC command line, for instance.

* configure.in: Conditionalize ATHENA_DES3_KLUDGE on
--enable-athena.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11099 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/crypto/ChangeLog
src/lib/crypto/configure.in
src/lib/crypto/etypes.c
src/lib/crypto/make_checksum.c

index 3326e6d24ffdcd0ae72ce537af47368c8bebfe11..ccce05aecd562987241b9c1a3adc55de1e0c3b88 100644 (file)
@@ -1,3 +1,18 @@
+Tue Jan  5 00:06:02 1999  Tom Yu  <tlyu@mit.edu>
+
+       * make_checksum.c (krb5_c_make_checksum): Note the fact that we're
+       punting on dealing with backwards compat with length-included
+       checksums.
+
+       * etypes.c: Add ENCTYPE_LOCAL_DES3_HMAC_SHA1 as a temporary
+       kludge.  Note that this is added to the end of the array so other
+       code can lop off the last member of the array and the right thing
+       will happen so that it is possible to disable des3-marc-hmac-sha1
+       from the KDC command line, for instance.
+
+       * configure.in: Conditionalize ATHENA_DES3_KLUDGE on
+       --enable-athena.
+
 1998-11-13  Theodore Ts'o  <tytso@rsts-11.mit.edu>
 
        * Makefile.in: Set the myfulldir and mydir variables (which are
index 2fb1faffbfa4e54dacccb142e6be2342c27ae93b..0dfa334f3969e978c02a4b337eef099a91e30680 100644 (file)
@@ -10,6 +10,12 @@ KRB5_BUILD_PROGRAM
 KRB5_BUILD_LIBOBJS
 KRB5_BUILD_LIBRARY
 
+dnl XXX This will go away soon. -- tlyu
+AC_ARG_ENABLE([athena],
+[  --enable-athena         build with MIT Project Athena configuration
+                           -- here meaning use temporary DES3 etype that
+                              includes 32-bit length codings],
+[AC_DEFINE(ATHENA_DES3_KLUDGE)],)
 K5_GEN_MAKEFILE(., lib libobj)
 K5_GEN_MAKEFILE(crc32, libobj)
 K5_GEN_MAKEFILE(des, libobj)
index cebb5bda5a43cde7f7740e8f77894f0a21709d89..4d16aa96a7b5291f5968b30f5e5730262808c197 100644 (file)
@@ -76,6 +76,14 @@ struct krb5_keytypes krb5_enctypes_list[] = {
       &krb5_enc_des, &krb5_hash_sha1,
       krb5_dk_encrypt_length, krb5_dk_encrypt, krb5_dk_decrypt,
       krb5_dk_string_to_key },
+#ifdef ATHENA_DES3_KLUDGE
+    { ENCTYPE_LOCAL_DES3_HMAC_SHA1,
+      "des3-marc-hmac-sha1",
+      "Triple DES with HMAC/sha1 and 32-bit length code",
+      &krb5_enc_des3, &krb5_hash_sha1,
+      krb5_marc_dk_encrypt_length, krb5_marc_dk_encrypt, krb5_marc_dk_decrypt,
+      krb5_dk_string_to_key },
+#endif
 };
 
 int krb5_enctypes_length =
index 2be79ccb46c1d7170bd0a88529af084de6847535..2c39475367e424a7d97b32bf30e59ec218d4e1e8 100644 (file)
@@ -87,7 +87,15 @@ krb5_c_make_checksum(context, cksumtype, key, usage, input, cksum)
        ret = (*(krb5_cksumtypes_list[i].keyhash->hash))(key, 0, input, &data);
     } else if (krb5_cksumtypes_list[i].flags & KRB5_CKSUMFLAG_DERIVE) {
        /* any key is ok */
-
+#ifdef ATHENA_DES3_KLUDGE
+       /*
+        * XXX Punt on actually using krb5_marc_dk_make_checksum
+        * for now because we never actually use a DES3 session key
+        * anywhere on Athena, and this is temporary anyway.
+        * In any case, it's way too hairy to actually make this work
+        * properly.
+        */
+#endif
        ret = krb5_dk_make_checksum(krb5_cksumtypes_list[i].hash,
                                    key, usage, input, &data);
     } else {